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Confidentiality 
The obligation to protect identity and privacy 


Confidentiality refers to the obligation 

of data custodians (agencies that collect 
information) to keep the confidential 
information they are entrusted with secret. 


This obligation is recognised in the 

Privacy Act 1988. The obligation to protect 
confidential information is also reflected in 
legislation governing the collection, use and 
dissemination of information for specific 
government activities. Examples include 
the Social Security (Administration) Act 

1999, the Taxation Administration Act 1953, 
and the Census and Statistics Act 1905 (see 
page 2 of this sheet). Penalties apply if the 
secrecy provisions set out in these Acts are 
breached. 


As well as the requirements set out in 
legislation, obligations to protect a person's 
or organisation's identity and privacy 
are also outlined in government policies 
and principles. These provide advice on 
the protocols and procedures required 
to manage information safely. ‘High Level 
Principles for Data Integration Involving 
Commonwealth Data for Statistical and 
Research Purposes’ is one example of a 
set of principle-based obligations for 
Commonwealth government agencies. 
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Obligations governing the collection and release 

of data are stated in Acts of Parliament and in 
government policies and guidelines. 

These obligations try to strike a balance between 

the need to collect and use personal and sensitive 
information and the need to protect provider identity, 


Meeting legislative obligations 


Agencies protect the secrecy of information 
by implementing policies and procedures 
that address all aspects of data protection. 


They do this by ensuring that identifiable 
information about individuals and 
organisations: 


> is not released publicly; 


> is available to authorised people on a 
need to know basis only; 


> cannot be derived from disseminated 
data; and 


> is maintained and accessed securely. 


Privacy legislation 

The Privacy Act 1988 sets out people's rights 
in relation to the collection, use and sharing 
of information that they provide to the 
Commonwealth and ACT governments. 
These governments are bound to privacy 
protections under the Information Privacy 
Principles of the Act. 


Some private sector organisations, and 

all health service providers, are bound by 
rules of conduct called the National Privacy 
Principles, outlined in Schedule 3 of the Act. 


State and territory government agencies, 
except Western Australia, are bound by 
their state privacy legislation. Currently, 
various confidentiality provisions and 
privacy principles provided in the Freedom 
of Information Act 1992 apply to Western 
Australian government agencies. 


Information Privacy Principles 

The Information Privacy Principles for 
Commonwealth and ACT government 
agencies cover: 

» how personal information is collected; 


> the storage and security of personal 
information; 


> accuracy and completeness of personal 
information; 


> the use of personal information and its 
disclosure to third parties; and 


> the general right of individuals to access 
and correct their own records. 


National Privacy Principles 

The National Privacy Principles for business 

cover: 

>» what an organisation should do when 
collecting personal information; 


> the use and disclosure of personal 
information; 


> information quality and security; 
> openness; 


>» the general right of individuals to access 
and correct their own records; and 


> rules around sensitive information (e.g. 
health, racial or ethnic background, or 
criminal record). 


For more information about confidentiality, or to provide feedback on this series, 


please email: inquiries@nss.gov.au 
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Confidentiality — the obligation to protect identity and privacy 


Example 1: Social Security (Administration) Act 1999 


The confidentiality provisions in the Social Security (Administration) Act 1999 prohibit any person from misusing information about 
a person that is, or was, held in government records for social security purposes. The provisions specify offences related to the 
unauthorised disclosure or use of protected information. They also specify circumstances where obtaining, recording, disclosing, 
or otherwise using protected information may be authorised. The penalty for breaking the confidentiality provisions is up to two 
years imprisonment. 

Reference: Social Security Act 1991 and Social Security (Administration) Act 1999 Part 5 Division 3 Confidentiality 


Example 2: Australian Institute of Health and Welfare Act 1987 


The provisions of the Australian Institute of Health and Welfare (AIHW) Act 1987 ensure that data collections managed by AIHW are 
kept under strict conditions with respect to confidentiality. The penalty for breaking the confidentiality provisions is $2,000 or 
imprisonment for 12 months, or both. The AIHW Act 1987 provides for AIHW to release health and welfare-related data for research 
purposes, with the approval of the AIHW Ethics Committee, under certain terms and conditions. However, AIHW is also subject 

to the Privacy Act 1988, which restricts AIHW’s ability to release identifiable data about living individuals. The combined effect 

of these Acts is that AIHW may make health data about living individuals available for research with the approval of the AIHW 
Ethics Committee, provided certain terms are met. Release of identifiable welfare data may only be approved by the AIHW Ethics 
Committee in respect of deceased individuals. Under Section 29 of the AIHW Act, a person to whom such information is divulged 
for any reason is subject to the same confidentiality obligations as apply to AIHW staff. 

Reference: Australian Institute of Health and Welfare Act 1987 Section 29 


Example 3: Taxation Administration Act 1953 


The disclosure of information about the tax affairs of a particular entity is prohibited except in certain specified circumstances 
under the Taxation Administration Act 1953. Those exceptions are designed to meet the principle that disclosure of information 
should be permitted only if the public benefit derived outweighs the entity's privacy. The penalty for breaking these provisions of 
the Taxation Act is two years imprisonment. 

Reference: Taxation Administration Act 1953 Schedule 1, Division 355, Confidentiality of taxpayer information 


Example 4: Census and Statistics Act 1905 


The Census and Statistics Act 1905 gives the Australian Bureau of Statistics (ABS) authority to collect data for statistical purposes. 
Under this Act, information supplied to the ABS cannot be published or disseminated in a manner that is likely to enable the 
identification of a particular person or organisation. The Act contains provisions obliging past and present employees of the ABS 
to maintain the secrecy of data collected under the Census and Statistics Act. A fine of up to $13,200, or a penalty of two years 
imprisonment, or both, applies to an unauthorised disclosure of information collected under the Act. 

Reference: Census and Statistics Act 1905, Sections 12 and 19 


Example 5: High Level Principles for Data Integration Involving Commonwealth Data for Statistical and Research 
Purposes 


Commonwealth Portfolio Secretaries have endorsed a set of principles for a safe and effective environment for data integration 
involving Commonwealth data for statistical and research purposes. Principle six, Preserving Privacy and Confidentiality, says that 
policies and procedures used in data integration must minimise any potential impact on privacy and confidentiality. For example, 
access to potentially identifiable data for statistical and research purposes outside secure and trusted institutional environments 
should only occur where: legislation allows; it is necessary to achieve the approved purposes; and it meets agreements with source 
data agencies. 

Reference: www.nss.gov.au 


For more information about confidentiality, or to provide feedback on this series, 
please email: inquiries@nss.gov.au 


